https://bz.apache.org/bugzilla/show_bug.cgi?id=69706
Bug ID: 69706 Summary: Session persistence broken when persistAuthentication is turned on in tomcat 11.0.7 Product: Tomcat 11 Version: unspecified Hardware: All OS: All Status: NEW Severity: normal Priority: P2 Component: Authentication Assignee: dev@tomcat.apache.org Reporter: mhartma...@gmx.net Target Milestone: ------- Session serialization fails between restarts of tomcat, when both of these conditions are met: - persistAuthentication is turned on in context.xml (by line '<Manager pathname="SESSIONS.ser" persistAuthentication="true"/>' ) - Active _unauthenticated_ user sessions exist Following the related stack trace from "catalina.${date}.log": java.io.NotSerializableException: java.util.OptionalInt at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1200) at java.base/java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1585) at java.base/java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1542) at java.base/java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1451) at java.base/java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1194) at java.base/java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:358) at org.apache.catalina.session.StandardSession.doWriteObject(StandardSession.java:1275) at org.apache.catalina.session.StandardSession.writeObjectData(StandardSession.java:837) at org.apache.catalina.session.StandardManager.unload(StandardManager.java:218) at org.apache.catalina.session.StandardManager.stopInternal(StandardManager.java:285) at org.apache.catalina.util.LifecycleBase.stop(LifecycleBase.java:235) at org.apache.catalina.core.StandardContext.stopInternal(StandardContext.java:4660) at org.apache.catalina.util.LifecycleBase.stop(LifecycleBase.java:235) at org.apache.catalina.core.ContainerBase.removeChild(ContainerBase.java:626) at org.apache.catalina.startup.HostConfig.undeploy(HostConfig.java:1439) at org.apache.catalina.startup.HostConfig.checkResources(HostConfig.java:1348) at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1617) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:263) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:109) at org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:940) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1139) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1143) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1121) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572) at java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:358) at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:59) at java.base/java.lang.Thread.run(Thread.java:1583) Note that org.apache.catalina.authenticator.SavedRequest does implement java.io.Serializable, while its member variable originalMaxInactiveInterval of type java.util.OptionalInt does _not_. This has been changed at some point between tomcat version 11.0.1 and 11.0.7. (Version 11.0.0 did not have this issue.) -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org